Loading...

XML

Word

Printable

Details

Type: Story
Resolution: Done
Priority: Critical
Fix Version/s: None
Affects Version/s: None
Labels:
- groomed

Story Points:
2
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Ensure Cluster Machine Approver metrics are only available via HTTPS
Feature Link:
OCPSTRAT-970 - Ports used by OCP should have TLS supports

Sprint:
CLOUD Sprint 245

SFDC Cases Links:
SFDC Cases Counter:

Description

Background

CMA currently exposes metrics on two ports via the 0.0.0.0 all hosts binding. We need to make sure that only the TLS port is accessible from outside localhost.

Steps

Move the binding for the local metrics server to localhost only
Ensure kube-rbac-proxy is still proxying the requests over TLS

Stakeholders

Cluster Infra
Subin M

Definition of Done

Metrics from CMA are only exposed over TLS

Docs

<Add docs requirements for this card>

Testing

<Explain testing that will be added>

Attachments

Issue Links

is depended on by

OCPSTRAT-970 Ports used by OCP should have TLS supports

Closed

links to

openshift/cluster-machine-approver#211: OCPCLOUD-2277: Ensure Cluster Machine Approver metrics are only available via HTTPS

openshift/cluster-machine-approver#216: Revert #211 "OCPCLOUD-2277: Ensure Cluster Machine Approver metrics are only available via HTTPS"

Activity

People

Assignee:: Rachel Ryan

Reporter:: Joel Speed

QA Contact:: Milind Yadav

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2023/11/13 3:45 PM

Updated:: 2023/11/30 7:15 PM

Resolved:: 2023/11/29 12:30 PM